code.gitea.io/gitea vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.


| CVE-ID | Severity | Package | Summary |
|---|---|---|---|
| CVE-2026-28737 | High | code.gitea.io/gitea | Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer |
| CVE-2026-24791 | High | code.gitea.io/gitea | Gitea: Public-only tokens bypass private-resource restrictions on `/api/v1/user` self routes |
| CVE-2026-22555 | High | code.gitea.io/gitea | Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration |
| CVE-2026-20706 | Medium | code.gitea.io/gitea | Gitea: Token scope bypass on web archive download endpoint |
| CVE-2026-27783 | Medium | code.gitea.io/gitea | Gitea: Missing repository-unit authorization on issue-template API endpoints |
| CVE-2026-25714 | Medium | code.gitea.io/gitea | Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic… |
| CVE-2026-26231 | High | code.gitea.io/gitea | Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any… |
| CVE-2026-28699 | High | code.gitea.io/gitea | Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication |
| CVE-2026-28744 | High | code.gitea.io/gitea | Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens |
| GHSA-3M6Q-H5GJ-7MRW | Medium | code.gitea.io/gitea | Gitea has insecure default SSH settings |
| CVE-2026-20736 | Low | code.gitea.io/gitea | Gitea has improper access control for uploaded attachments |
| CVE-2026-0798 | Low | code.gitea.io/gitea | Gitea may send release notification emails for private repositories to users whose access has been… |
| CVE-2025-69413 | Medium | code.gitea.io/gitea | Gitea's /api/v1/user endpoint has different responses for failed authentication depending on… |
| CVE-2025-68945 | Medium | code.gitea.io/gitea | Gitea: anonymous user can visit private user's project |
| CVE-2025-68946 | Medium | code.gitea.io/gitea | Gitea vulnerable to Cross-site Scripting |
| CVE-2025-68943 | Medium | code.gitea.io/gitea | Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime… |
| CVE-2025-68944 | Medium | code.gitea.io/gitea | Gitea sometimes mishandles propagation of token scope for access control within one of its own… |
| CVE-2025-68942 | Medium | code.gitea.io/gitea | Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of… |
| CVE-2025-68940 | Low | code.gitea.io/gitea | Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. |
| CVE-2025-68941 | Medium | code.gitea.io/gitea | Gitea mishandles access to a private resource upon receiving an API token with scope limited to… |
| CVE-2025-68939 | High | code.gitea.io/gitea | Gitea allows attackers to add attachments with forbidden file extensions |
| CVE-2025-68938 | Medium | code.gitea.io/gitea | Gitea mishandles authorization for deletion of releases |
| CVE-2024-6886 | Critical | code.gitea.io/gitea | Gitea Cross-site Scripting Vulnerability |
| CVE-2020-14144 | High | code.gitea.io/gitea | Arbitrary Code Execution in Gitea |
| CVE-2022-38795 | Medium | code.gitea.io/gitea | Gitea erroneous repo clones |
